DETAILED ACTION

1. Claims 1-37 are pending.



Information Disclosure Statement 

2. The information disclosure statement (IDS) was submitted on 8/29/2003. The
submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the 
information disclosure statement is being considered by the examiner. 



Claim Objections 

3. Claims 1, 11, 21, 30, 33, 36, and 37 are objected to because of the following
informalities: 

a. Claims 1, 21, 30, and 36 recite the limitation "providing path-level access
control to a structured document" starting in line 1, which states the "intended 
use" of the database system. Function(s) following the term "for" indicate "system 
ability" and/or "intended use" and do(es) not hold patentable weight. 

b. Claims 11, 33, and 37 recite the limitation "providing path-level access
control to a structured document" starting in line 1, which states the "intended
use" of the database system. Function(s) following the term "for" indicate "system
ability" and/or "intended use" and do(es) not hold patentable weight.

Appropriate correction is required.

Specification 

4. The specification is objected to as failing to provide proper antecedent basis for 
the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction of
the following is required: claims 11, 33, and 37 recite the limitation "computer readable 
medium containing programming instructions". There is insufficient antecedent basis for 
this claim. The specification does not teach any definition of "computer readable 
medium" or "media" in general. Appropriate correction is required. 

Claim Rejections - 35 USC § 101 

5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

6. Claims 11-29, 33-35, and 37 are rejected under 35 U.S.C. 101 because the 
claimed invention is directed to non-statutory subject matter. Claims 11-20 are directed
to "a computer readable medium containing programming instructions for providing
path-level access control", and lack a hardware component to enable the function to be
realized. The claim is embodied in software per se, and is non-statutory. Claims 33-35
and 37 are also directed to "a computer readable medium" and contain the same
limitation, and are similarly rejected.

Independent claim 20 is directed to "a system for providing path level access
control" and the limitation "a database management system in a computer system". The
claim is read to indicate that the database management system is software per se,
being executed on a system, with no hardware components for the function to be
realized, and is non-statutory. Dependent claims 22-29 are directed to the "a system for 
providing path level access controls", lacking any hardware components, and are 
similarly rejected. 



Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

8. Claims 1-37 are rejected under 35 U.S.C. 102(b) as being anticipated by Damiani 
et al. ("A Fine Grained Access Control System for XML Documents", Published May 
2002 in "ACM Transactions on Information and System Security", Vol. 5, No. 2, Pages 
169-202). 

As per claim 1, Damiani teaches "A method for providing path-level access 
control to a structured document in a collection stored in a database, wherein the 
structured document comprises a plurality of nodes," (see Introduction, pg. 171) "a) 
providing an access control policy for the collection, wherein the access control policy 
comprises a plurality of access control rules;" (pg. 183, section 5.1 "Basic Features of
the Access Authorizations", wherein access authorization rules determine whether a 
user has access to objects) "b) generating a path for each node of the plurality of nodes 
in the document;" (pg. 174, Example 2.1 and Figure 1(a), wherein the DTD of an XML 
document shows path information) "and c) generating for each path associated with a 
node a corresponding value expression based on at least one access control rule of the 
plurality of access control rules, wherein the corresponding value expression is utilized 
during access control evaluation to determine whether a user is allowed to access a 
node in the structured document." (pg. 186, Section 5.2 "Access Authorization" and 
Figure 5, wherein access authorizations express the requirement of access for each 
path of the object) 

As per claim 2, Damiani teaches "the value expression is an executable 
statement indicating who is granted or denied access to the corresponding path 
associated with the node." (pg. 186, Example 5.1 and Figure 5, wherein the "Sign" 
column indicates the subjects who are granted or denied access to each path 
expression associated with an object) 

As per claim 3, Damiani teaches "(d) storing each path and the corresponding 
value expression in a table." (pg. 186, Figure 5, wherein the access authorizations are 
kept in a table) 

As per claim 4, Damiani teaches "(e) compiling each value expression prior to 
storing step (d)" (pg. 186, Example 5.1, wherein each access authorization is compiled 
and collected prior to placement in the table) 

As per claim 5, Damiani teaches "(f) receiving a query from a user, wherein the
query requests access to a node in the document;" (pg. 192, Example 6.1 lines 1-4, 
wherein a query from a user is received) "(g) executing the query;" (pg. 192, Example 
6.1 lines 6-8, wherein the query is executed) "(h) evaluating the value expression 
corresponding to the path associated with the requested node;" (pg. 187, section 6.1 
"Document Tree Labeling" and Figure 8, wherein the requested object's access 
authorization is examined and evaluated compared to the user id) "(i) displaying data 
associated with the requested node if the value expression grants access to the user;" 
(pg. 192, Example 6.1 lines 14-21 and Figure 9(a) and 9(b), wherein the data is 
displayed showing accessible objects) "and (j) hiding data associated with the 
requested node if the value expression denies access to the user." (pg. 192, Example 
6.1 lines 14-21 and Figure 9(a) and 9(b), wherein the data is displayed hiding denied 
objects) 

As per claim 6, Damiani teaches "the evaluating step (h) is performed during a 
run time." (pg. 188, section 6.1 "Document Tree Labeling", wherein the authorizations'
behavior varies from different requesters at runtime) 

As per claim 7, Damiani teaches "wherein generating step (c) further comprises: 
(c1) normalizing each of the access control rules into a format comprising a head, a 
path and a condition, wherein the condition indicates who is granted or denied access to 
the path and under what circumstances;" (pg. 186, Example 5.1 and Figure 5, wherein 
the access authorization includes a subject, a path expression and a sign that indicated 
the condition) "(c2) propagating each of the plurality of access control rules through 
each path such that access to each path is defined by at least one access control rule;"
(pg. 183, section 5.1 "Basic Features of the Access Authorizations" paragraph 2, 
wherein the authorizations can be recursive, propagating through the paths) "and (c3) 
transforming each of the at least one access control rules affecting each path into a 
statement indicating who is granted and denied access to the path." (pg. 183, section 5.1
"Basic Features of the Access Authorizations" paragraph 3, wherein the authorizations 
are indicative of who is granted or denied access, including groups) 

As per claim 8, Damiani teaches "(e) replacing the value expression for a path 
associated with a node with a reference notation if the value expression is identical to 
that for a path associated with the node's parent, thereby eliminating repeated value 
expressions in the table." (pg. 183, section 5.1 "Basic Features of the Access 
Authorizations" paragraph 2 lines 9-13, wherein recursive propagation of the 
authorizations applies to all descendant objects until overridden by a conflicting sign) 

As per claim 9, Damiani teaches "the providing step (a) comprises: (a1) writing 
the plurality of access control rules; and (a2) validating the plurality of access control 
rules such that the resulting rules are syntactically and logically valid." (pg. 180, section 
4 "Authorization Objects", wherein the authorizations are written and validated) 

As per claim 10, Damiani teaches "the structured document is written in 
Extensible Markup Language." (pg. 176 paragraph 2 and Figures 1-2, wherein
documents are in XML format) 

As per claim 11, Damiani teaches "A computer readable medium containing
programming instructions for providing path-level access control to a structured 
document in a collection stored in a database, wherein the structured document 
comprises a plurality of nodes," (see Introduction, pg. 171). For the remaining steps of 
this claim applicant(s) is/are directed to the remarks and discussions made in claim 1 
above. 

As per claims 12-20, these claims teach the limitations covering the same 
grounds as rejected claims 2-10, as discussed above, and are similarly rejected. 

As per claim 21, Damiani teaches "A system for providing path-level access
control to a structured document in a collection stored in a database, wherein the 
structured document comprises a plurality of nodes," (see Introduction, pg. 171) "a 
database management system in a computer system;" (pg. 199, section 8.3 "The Java 
Implementation") "an access control policy for the collection, wherein the access control 
policy comprises a plurality of access control rules;" (pg. 183, section 5.1 "Basic 
Features of the Access Authorizations", wherein access authorization rules determine 
whether a user has access to objects) "and an Access Control mechanism in the 
database management system for generating a path for each node of the plurality of 
nodes in the document," (pg. 174, Example 2.1 and Figure 1(a), wherein the DTD of an 
XML document shows path information) "and for generating for each path associated 
with a node a corresponding value expression based on at least one access control rule 
of the plurality of access control rules, wherein the database management system 
utilizes the corresponding value expression during access control evaluation to
determine whether a user is allowed to access a node in the structured document." (pg. 
186, Section 5.2 "Access Authorization" and Figure 5, wherein access authorizations 
express the requirement of access for each path of the object) 

As per claim 22, Damiani teaches "the value expression is an executable 
statement indicating who is granted or denied access to the corresponding path 
associated with the node." (pg. 186, Example 5.1 and Figure 5, wherein the "Sign" 
column indicates the subjects who are granted or denied access to each path 
expression associated with an object) 

As per claim 23, Damiani teaches "the Access Control mechanism is configured
to store each path and the corresponding value expression in a table." (pg. 186, Figure 
5, wherein the access authorizations are kept in a table) 

As per claim 24, Damiani teaches "a compiler for compiling each value 
expression prior to storing in the table." (pg. 186, Example 5.1, wherein each access 
authorization is compiled and collected prior to placement in the table) 

As per claim 25, Damiani teaches "the database management system is 
configured to receive a query from a user, wherein the query requests access to a node 
in the document," (pg. 192, Example 6.1 lines 1-4, wherein a query from a user is 
received) "to execute the query," (pg. 192, Example 6.1 lines 6-8, wherein the query is 
executed) "to evaluate the value expression corresponding to the path associated with 
the requested node," (pg. 187, section 6.1 "Document Tree Labeling" and Figure 8, 
wherein the requested object's access authorization is examined and evaluated 
compared to the user id) "to display data associated with the requested node if the
value expression grants access to the user," (pg. 192, Example 6.1 lines 14-21 and 
Figure 9(a) and 9(b), wherein the data is displayed showing accessible objects) "and to 
hide data associated with the requested node if the value expression denies access to 
the user." (pg. 192, Example 6.1 lines 14-21 and Figure 9(a) and 9(b), wherein the data 
is displayed hiding the denied objects) 

As per claim 26, Damiani teaches "access control evaluation is performed during 
a run time." (pg. 188, section 6.1 "Document Tree Labeling", wherein the authorizations' 
behavior varies from different requesters at runtime) 

As per claim 27, Damiani teaches "a translator for normalizing each of the access 
control rules into a format comprising a head, a path and a condition, wherein the 
condition indicates who is granted or denied access to the path," (pg. 186, Example 5.1 
and Figure 5, wherein the access authorization includes a subject, a path expression 
and a sign that indicated the condition) "and for propagating each of the plurality of 
access control rules through each path such that access to each path is defined by at 
least one access control rule;" (pg. 183, section 5.1 "Basic Features of the Access 
Authorizations" paragraph 2, wherein the authorizations can be recursive, propagating 
through the paths) "and a value expression generator for transforming each of the at 
least one access control rules associated with each path into a statement indicating who 
is granted and denied access to the path." (pg. 183, section 5.1 "Basic Features of the 
Access Authorizations" paragraph 3, wherein the authorizations are indicative of who is 
granted or denied access, including groups) 

As per claim 28, Damiani teaches "the access control rules are syntactically and
logically valid." (pg. 180, section 4 "Authorization Objects", wherein the authorizations 
use a standard language, XPath, for validation) 

As per claim 29, Damiani teaches "the structured document is written in 
Extensible Markup Language." (pg. 176 paragraph 2 and Figures 1-2, wherein 
documents are in XML format) 

As per claim 30, Damiani teaches "A method for providing path-level access 
control to a structured document in a collection stored in a database, wherein the 
structured document comprises a plurality of nodes," (see Introduction, pg. 171) "a) 
providing an access control policy for the collection, wherein the access control policy 
comprises a plurality of access control rules;" (pg. 183, section 5.1 "Basic Features of 
the Access Authorizations", wherein access authorization rules determine whether a 
user has access to objects) "b) generating a path for each node of the plurality of nodes 
in the document;" (pg. 174, Example 2.1 and Figure 1(a), wherein the DTD of an XML 
document shows path information) "c) generating for each path associated with a node 
a corresponding value expression based on at least one access control rule of the 
plurality of access control rules, wherein the value expression is an executable 
statement indicating who is granted or denied access to the corresponding path 
associated with the node;" (pg. 186, Section 5.2 "Access Authorization" and Figure 5, 
wherein access authorizations express the requirement of access for each path of the 
object) "and (d) storing each path and the corresponding value expression in a table;" 
(pg. 186, Figure 5, wherein the access authorizations are kept in a table) "wherein the
corresponding value expression is utilized during access control evaluation to determine 
whether a user is allowed to access a node in the structured document." (pg. 186, 
Example 5.1 and Figure 5, wherein the "Sign" column indicates the subjects who are 
granted access to each path expression associated with an object) 

As per claim 31, Damiani teaches "(e) receiving a query from a user, wherein the 
query requests access to a node in the document;" (pg. 192, Example 6.1 lines 1-4, 
wherein a query from a user is received) "(f) executing the query;" (pg. 192, Example 
6.1 lines 6-8, wherein the query is executed) "(g) evaluating the value expression 
corresponding to the path associated with the requested node during a run time;" (pg. 
187, section 6.1 "Document Tree Labeling" and Figure 8, wherein the requested object's 
access authorization is examined and evaluated compared to the user id) "(h) displaying 
data associated with the requested node if the value expression grants access to the 
user;" (pg. 192, Example 6.1 lines 14-21 and Figure 9(a) and 9(b), wherein the data is 
displayed showing accessible objects) "and (i) hiding data associated with the 
requested node if the value expression denies access to the user." (pg. 192, Example 
6.1 lines 14-21 and Figure 9(a) and 9(b), wherein the data is displayed hiding denied 
objects) 

As per claim 32, Damiani teaches "generating step (c) further comprises: (c1) 
normalizing each of the access control rules into a format comprising a head, a path 
and a condition, wherein the condition indicates who is granted or denied access to the 
path and under what circumstances;" (pg. 186, Example 5.1 and Figure 5, wherein the 
access authorization includes a subject, a path expression and a sign that indicated the
condition) "(c2) propagating each of the plurality of access control rules through each 
path such that access to each path is defined by at least one access control rule;" (pg. 
183, section 5.1 "Basic Features of the Access Authorizations" paragraph 2, wherein the 
authorizations can be recursive, propagating through the paths) "and (c3) transforming 
each of the at least one access control rules affecting each path into a statement 
indicating who is granted and denied access to the path." (pg. 183, section 5.1 "Basic 
Features of the Access Authorizations" paragraph 3, wherein the authorizations are 
indicative of who is granted or denied access, including groups) 

As per claim 33, Damiani teaches "A computer readable medium containing 
programming instructions for providing path-level access control to a structured 
document in a collection stored in a database, wherein the structured document 
comprises a plurality of nodes," (see Introduction, pg. 171). For the remaining steps of 
this claim applicant(s) is/are directed to the remarks and discussions made in claim 30 
above. 

As per claims 34-35, these claims teach the limitations covering the same 
grounds as rejected claims 31-32, as discussed above, and are similarly rejected. 

As per claim 36, Damiani teaches "A method for providing path-level access 
control to a structured document in a collection stored in a database, wherein the 
structured document comprises a plurality of nodes," (see Introduction, pg. 171) "a) 
providing an access control policy for the collection, wherein the access control policy
comprises a plurality of access control rules;" (pg. 183, section 5.1 "Basic Features of 
the Access Authorizations", wherein access authorization rules determine whether a 
user has access to objects) "b) generating a path for each node of the plurality of nodes 
in the document;" (pg. 174, Example 2.1 and Figure 1(a), wherein the DTD of an XML 
document shows path information) "c) generating for each path associated with a node 
a corresponding value expression based on at least one access control rule of the 
plurality of access control rules," (pg. 186, Section 5.2 "Access Authorization" and 
Figure 5, wherein access authorizations express the requirement of access for each 
path of the object) "wherein the generating step comprising: (c1) normalizing each of 
the access control rules into a format comprising a head, a path and a condition, 
wherein the condition indicates who is granted or denied access to the path and under 
what circumstances;" (pg. 186, Example 5.1 and Figure 5, wherein the access 
authorization includes a subject, a path expression and a sign that indicated the 
condition) "(c2) propagating each of the plurality of access control rules through each 
path such that access to each path is defined by at least one access control rule;" (pg. 
183, section 5.1 "Basic Features of the Access Authorizations" paragraph 2, wherein the 
authorizations can be recursive, propagating through the paths) "and (c3) transforming 
each of the at least one access control rules affecting each path into a statement 
indicating who is granted and denied access to the path;" (pg. 183, section 5.1 "Basic 
Features of the Access Authorizations" paragraph 3, wherein the authorizations are 
indicative of who is granted or denied access, including groups) "and (d) storing each 
path and the corresponding value expression in a table; wherein the corresponding
value expression is utilized during access control evaluation to determine whether a 
user is allowed to access a node in the structured document." (pg. 186, Example 5.1 
and Figure 5, wherein the "Sign" column indicates the subjects who are granted or 
denied access to each path expression associated with an object) 

As per claim 37, Damiani teaches "A computer readable medium containing 
programming instructions for providing path-level access control to a structured 
document in a collection stored in a database, wherein the structured document 
comprises a plurality of nodes" (see Introduction, pg. 171). For the remaining steps of 
this claim applicant(s) is/are directed to the remarks and discussions made in claim 36 
above. 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Bapat et al. (US Patent 6,236,996 B1) 

Glasser et al. (US Patent 6,308,173 B1) 

Lei et al. (US Patent 6,631,371 B1)

Cook et al. (US Patent 6,820,082 B1) 

Moses (US Patent 7,031,962 B2) 

10. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Dangelino N. Gortayo whose telephone number is 
(571)272-7204. The examiner can normally be reached on M-F 7:30-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Tim T. Vo can be reached on (571)272-3642. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Dangelino N. Gortayo 
Examiner 